Ryuk Ransomware
News | 01/03/2019

Ryuk Ransomware attack cripples major Newspaper publications in the US

About: Several major U.S. newspaper publications including the Los Angeles Times, the San Diego Union-Tribune, and all Tribune Publishing reported they were victims of production-disrupting cyber attacks bearing the signature of Ryuk Ransomware...  Read More  

| News | Ryuk Ransomware attack cripples major Newspaper publications in the US

Ryuk ransomware is believed to be the culprit behind the impeded printing & delivery of major newspaper publications in the United States i.e. Los Angeles Times and Tribune Publishing.

Tribune Publications impacted

The malware attack on Tribune Publishing’s software systems was discovered on 28th December 2018. The abuse on the software delayed weekend distribution of the newspaper & affected Tribune publications throughout the country.


Among the publications affected include:

Baltimore Sun, Capital Gazette, Chicago Tribune, Hartford Courant, Wall Street Journal,

New York Times, Carroll County Times, Lake County News-Sun, the South Florida Sun Sentinel & Post-Tribune.


The Los Angeles Times & San Diego Union-Tribune that were formerly part of Tribune Publishing newspapers were also slammed by the Ransomware.


The print editions of the affected newspapers were published on Saturday without obituary section & paid classified ads according to the publications.


The attack is believed to have originated outside the US and intended to create chaos & disable infrastructure rather than steal information. The publication further alleges that no subscriber personal details were compromised. Also, it is known that publication’s websites or online editions remained unaffected.

What is Ryuk Ransomware?

Ryuk Ransomware is a descendant of the Hermes Ransomware family that debuted in the month of August 2018. The critical nature of the ransomware, the high ransom demands & the labor intensive nature of the decryption tool makes it popular among the Ransomware family.Ryuk Ransom Note


The modular framework of this Ransomware allows criminals to make custom versions against specific targets. Unlike the common Ransomware systematically distributed via massive spam campaigns & exploit kits, Ryuk is used especially for tailored attacks.


Ryuk tends to hit high value target that can’t afford major downtime, demanding hefty Bitcoin ransoms.


December 2018 brought a new version of this crypto virus that caused disruption in printing & delivery of major newspaper publications in the US.


Research reveals that the group behind Ryuk known as Grim Spider has already received nearly 400 Bitcoin that valued more than $1,520,000 from victims in about 4 months. It’s unclear if any of that ransom came from Tribune Publishing.


Insights of Ryuk Ransomware attack on US Newspaper Publications

The malfunctioning in the publication’s server was first noticed on Thursday night i.e. 27th December 2018. It appeared to have proliferated throughout printing software systems of the publication on Saturday enervating operations & obstructing page transmissions to Southern California Printing Presses.


Treat actors behind the attack haven’t been identified but the odds are good that it is someone whose motive was to spoil the reputation of the publication.


Though the outage of the attack is yet to be completely resolved, the on-time deliveries of the newspapers were resumed on Sunday. The FBI & the Homeland Security officials are working with the government & industry partners to better understand the situation.


How to Defend against a Ransomware?

Ransomware attacks have become widespread and are responsible for crippling systems. It is therefore important to undertake security measures to avoid unforeseen circumstances.


  1. Education of malware attacks is vital among security professionals to spot social engineering attacks & hence prevent its outbreak.
  2. Layers of data protection in the systems & software including regular backups, robust encryption and secure cloud storage is utmost important to manage networks and prevent data breach.
  3. Accounts should be protected with strong passwords that are difficult to crack.
  4. Security software that implements behavioral detection to combat ransomware should be installed on systems.

Hits: 332

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Rajasthan 302033
Phone: +91 9799661866